Details of VAR-201806-1777

ID

VAR-201806-1777

CVE

CVE-2018-4833

TITLE

plural Siemens Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-006612

DESCRIPTION

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. plural Siemens The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SCALANCE X-204RNA Industrial Ethernet network access point enables the connection of non-PRP terminal devices. The RUGGEDDCOM WiMAX product line offers a dedicated wireless WAN solution. The RFID 181-EIP is an RFID communication module for Ethernet/IP that connects two serial SIMATIC identification readers to an Ethernet/IP scanner. The SIMATIC RF182C is an RFID communication module for Ethernet TCP/IP and XML for connecting two serial SIMAITC identification readers to a PC or other programmable device that can communicate via Ethernet TCP/IP and XML. Multiple SIEMENS product heap overflow vulnerabilities. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens RFID 181-EIP, etc. are all products of Germany's Siemens (Siemens). SCALANCE X-200 is an industrial grade Ethernet switch product. The following products and versions are affected: Siemens RFID 181-EIP; RUGGEDCOM WiMAX Version 4.4, Version 4.5; SCALANCE X-200 up to 5.2.3; SCALANCE X-200 IRT up to 5.4.1; SCALANCE X-204RNA; SCALANCE X- 300; SCALANCE X408; SCALANCE X414; SIMATIC RF182C

Trust: 2.7

sources: NVD: CVE-2018-4833 // JVNDB: JVNDB-2018-006612 // CNVD: CNVD-2018-11400 // BID: 104482 // IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // VULHUB: VHN-134864

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom wimax	scope:	eq	version:	4.5	Trust: 2.7
vendor:	siemens	model:	ruggedcom wimax	scope:	eq	version:	4.4	Trust: 2.7
vendor:	siemens	model:	scalance x200	scope:	lt	version:	5.2.3	Trust: 1.8
vendor:	siemens	model:	rfid 181-eip	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	scalance x300	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic rf182c	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	scalance x408	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	scalance x414	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	scalance x204rna	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	rfid 181-eip	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	simatic rf182c	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	scalance x200irt	scope:	lt	version:	5.4.1	Trust: 1.0
vendor:	siemens	model:	scalance x-300	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x200 irt	scope:	lt	version:	5.4.1	Trust: 0.8
vendor:	siemens	model:	scalance x204rna	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x408	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x414	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance	scope:	eq	version:	x408	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x414	Trust: 0.6
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-200<5.4.1	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x-200<5.2.3	Trust: 0.6
vendor:	siemens	model:	ruggedcom wimax	scope:	eq	version:	v4.4	Trust: 0.6
vendor:	siemens	model:	ruggedcom wimax	scope:	eq	version:	v4.5	Trust: 0.6
vendor:	siemens	model:	scalance x-204rna	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x-300	Trust: 0.6
vendor:	siemens	model:	scalance x200irt	scope:	eq	version:	5.1.0	Trust: 0.6
vendor:	siemens	model:	scalance x200irt	scope:	eq	version:	5.0.0	Trust: 0.6
vendor:	siemens	model:	simatic rf182c	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x4140	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x4080	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-3000	Trust: 0.3
vendor:	siemens	model:	scalance x-204rna	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-2000	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-2000	Trust: 0.3
vendor:	siemens	model:	rfid 181-eip	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	ne	version:	x-2005.4.1	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x-2005.2.3	Trust: 0.3
vendor:	rfid 181 eip	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ruggedcom wimax	model:	-	scope:	eq	version:	4.4	Trust: 0.2
vendor:	ruggedcom wimax	model:	-	scope:	eq	version:	4.5	Trust: 0.2
vendor:	scalance x200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x200irt	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x204rna	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x300	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x408	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x414	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	simatic rf182c	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4833
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4833
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-11400
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-876
value:	HIGH
Trust: 0.6
IVD:	e2f3a541-39ab-11e9-815a-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-134864
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4833
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11400
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f3a541-39ab-11e9-815a-000c29342cb1
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134864
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4833
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-122	Trust: 1.0

sources: VULHUB: VHN-134864 // JVNDB: JVNDB-2018-006612 // NVD: CVE-2018-4833

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-876

TYPE

Input validation error

Trust: 1.1

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // BID: 104482 // CNNVD: CNNVD-201806-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006612

PATCH

title:	SSA-181018	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf	Trust: 0.8
title:	Patches for multiple SIEMENS product heap overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/131863	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80924	Trust: 0.6

sources: CNVD: CNVD-2018-11400 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4833	Trust: 3.6
db:	SIEMENS	id:	SSA-181018	Trust: 2.3
db:	ICS CERT	id:	ICSA-18-165-01	Trust: 1.7
db:	BID	id:	104482	Trust: 1.0
db:	CNVD	id:	CNVD-2018-11400	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-876	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006612	Trust: 0.8
db:	IVD	id:	E2F3A541-39AB-11E9-815A-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134864	Trust: 0.1

sources: IVD: e2f3a541-39ab-11e9-815a-000c29342cb1 // CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf	Trust: 2.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-165-01	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4833	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4833	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-18-165-01	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-18-165-01	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-11400 // VULHUB: VHN-134864 // BID: 104482 // JVNDB: JVNDB-2018-006612 // CNNVD: CNNVD-201806-876 // NVD: CVE-2018-4833

CREDITS

Dr. Ang Cui and Joseph Pantoga from Red Balloon

Trust: 0.3

sources: BID: 104482

SOURCES

db:	IVD	id:	e2f3a541-39ab-11e9-815a-000c29342cb1
db:	CNVD	id:	CNVD-2018-11400
db:	VULHUB	id:	VHN-134864
db:	BID	id:	104482
db:	JVNDB	id:	JVNDB-2018-006612
db:	CNNVD	id:	CNNVD-201806-876
db:	NVD	id:	CVE-2018-4833

LAST UPDATE DATE

2024-08-14T14:19:56.983000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11400	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134864	date:	2020-01-16T00:00:00
db:	BID	id:	104482	date:	2018-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-006612	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201806-876	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2018-4833	date:	2020-12-14T21:15:13.660

SOURCES RELEASE DATE

db:	IVD	id:	e2f3a541-39ab-11e9-815a-000c29342cb1	date:	2018-06-13T00:00:00
db:	CNVD	id:	CNVD-2018-11400	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134864	date:	2018-06-14T00:00:00
db:	BID	id:	104482	date:	2018-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-006612	date:	2018-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201806-876	date:	2018-06-13T00:00:00
db:	NVD	id:	CVE-2018-4833	date:	2018-06-14T16:29:00.333